Hi all, I would like to know the internal behaviour of slapo-accesslog.
I would like to have accesslog with a data retention of 10 days. In my ldap usage scenario this retention produce an accesslog db of quite 10GB of data.
Things are working quite fine, but when the log db contains data older than the retention I defined after restart slapd has a thread allocated at 100% of cpu of one processor. I logged at loglevel 992 = 512 + 256 + 128 + 64 + 32, blocked with iptables every external ldap access and saw these lines in the log:
[cut] Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to "reqStart=20110202042854.000008Z,cn=log03,dc=mycorp.it" "reqStart" requested Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted by manage(=mwrscxd) Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6 Feb 3 09:37:08 ldap03 slapd[16289]: => test_filter Feb 3 09:37:08 ldap03 slapd[16289]: LE Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to "reqStart=20110202042854.000010Z,cn=log03,dc=mycorp.it" "reqStart" requested Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted by manage(=mwrscxd) Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6 Feb 3 09:37:08 ldap03 slapd[16289]: => test_filter Feb 3 09:37:08 ldap03 slapd[16289]: LE Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to "reqStart=20110202042854.000012Z,cn=log03,dc=mycorp.it" "reqStart" requested Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted by manage(=mwrscxd) Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6 Feb 3 09:37:08 ldap03 slapd[16289]: => test_filter Feb 3 09:37:08 ldap03 slapd[16289]: LE Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to "reqStart=20110202042854.000014Z,cn=log03,dc=mycorp.it" "reqStart" requested Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted by manage(=mwrscxd) Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6 Feb 3 09:37:08 ldap03 slapd[16289]: => test_filter Feb 3 09:37:08 ldap03 slapd[16289]: LE Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access to "reqStart=20110202042855.000000Z,cn=log03,dc=mycorp.it" "reqStart" requested Feb 3 09:37:08 ldap03 slapd[16289]: <= root access granted Feb 3 09:37:08 ldap03 slapd[16289]: => access_allowed: search access granted by manage(=mwrscxd) Feb 3 09:37:08 ldap03 slapd[16289]: <= test_filter 6 Feb 3 09:37:09 ldap03 slapd[16289]: => test_filter Feb 3 09:37:09 ldap03 slapd[16289]: LE Feb 3 09:37:09 ldap03 slapd[16289]: => access_allowed: search access to "reqStart=20110202042855.000002Z,cn=log03,dc=mycorp.it" "reqStart" requested Feb 3 09:37:09 ldap03 slapd[16289]: <= root access granted Feb 3 09:37:09 ldap03 slapd[16289]: => access_allowed: search access granted by manage(=mwrscxd) Feb 3 09:37:09 ldap03 slapd[16289]: <= test_filter 6 Feb 3 09:37:09 ldap03 slapd[16289]: => test_filter Feb 3 09:37:09 ldap03 slapd[16289]: LE Feb 3 09:37:09 ldap03 slapd[16289]: => access_allowed: search access to "reqStart=20110202042855.000004Z,cn=log03,dc=mycorp.it" "reqStart" requested [cut]
I could assume that slapo-accesslog is querying all entries older than the retention and passes to delete them.
What if this step to end the job will take more time than the interval time of re-starting? Augmenting the frequency of this job could help in this meaning?
Every best practice to follow to use accesllog effectively will be very appreciated! :-)
Thanks Marco Pizzoli